Posted to dev@tomcat.apache.org by kk...@apache.org on 2015/02/10 15:40:37 UTC
svn commit: r1658724 - in /tomcat/native/trunk/native: include/ssl_private.h
src/sslutils.c
Author: kkolinko
Date: Tue Feb 10 14:40:37 2015
New Revision: 1658724
URL: http://svn.apache.org/r1658724
Log:
Replace access to OpenSSL SSL internals
by accessor function. Internals are no longer
available for OpenSSL master.
In openssl/ssl.h the macro is defined as
#define SSL_CTX_clear_extra_chain_certs(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
The implementation of SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS does NULL check and
does call sk_X509_pop_free(), so there is no more need to do it here.
http://osxr.org/openssl/source/ssl/s3_lib.c#3637
Not compiled or tested, waiting for GUMP.
Modified:
tomcat/native/trunk/native/include/ssl_private.h
tomcat/native/trunk/native/src/sslutils.c
Modified: tomcat/native/trunk/native/include/ssl_private.h
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/include/ssl_private.h?rev=1658724&r1=1658723&r2=1658724&view=diff
==============================================================================
--- tomcat/native/trunk/native/include/ssl_private.h (original)
+++ tomcat/native/trunk/native/include/ssl_private.h Tue Feb 10 14:40:37 2015
@@ -298,12 +298,6 @@ typedef struct {
} tcn_ssl_conn_t;
-#define SSL_CTX_get_extra_certs(ctx) ((ctx)->extra_certs)
-#define SSL_CTX_set_extra_certs(ctx, value) \
- TCN_BEGIN_MACRO \
- (ctx)->extra_certs = (value); \
- TCN_END_MACRO
-
/*
* Additional Functions
*/
Modified: tomcat/native/trunk/native/src/sslutils.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslutils.c?rev=1658724&r1=1658723&r2=1658724&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslutils.c (original)
+++ tomcat/native/trunk/native/src/sslutils.c Tue Feb 10 14:40:37 2015
@@ -405,7 +405,6 @@ int SSL_CTX_use_certificate_chain(SSL_CT
X509 *x509;
unsigned long err;
int n;
- STACK_OF(X509) *extra_certs;
if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
return -1;
@@ -421,12 +420,10 @@ int SSL_CTX_use_certificate_chain(SSL_CT
}
X509_free(x509);
}
+
/* free a perhaps already configured extra chain */
- extra_certs = SSL_CTX_get_extra_certs(ctx);
- if (extra_certs != NULL) {
- sk_X509_pop_free(extra_certs, X509_free);
- SSL_CTX_set_extra_certs(ctx,NULL);
- }
+ SSL_CTX_clear_extra_chain_certs(ctx);
+
/* create new extra chain by loading the certs */
n = 0;
while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) != NULL) {
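Review bot: The result of `SSL_CTX_clear_extra_chain_certs(ctx)` is discarded, so if the underlying `SSL_CTX_ctrl` call does not handle the command, the previously configured chain stays in place and the loop below appends the new certificates to it. That would presumably happen when the library loaded at run time is older than the headers used at build time, and the context would then present a stale or mixed chain without any error. Checking the result closes that gap, for example `if (!SSL_CTX_clear_extra_chain_certs(ctx)) { BIO_free(bio); return -1; }`; the cleanup shown is inferred from the visible `BIO_new` call and should match the function's other error paths, which lie outside the hunk. The macro also has to exist in every `openssl/ssl.h` the build still supports, and since the log says the change was not compiled, an `#ifndef SSL_CTX_clear_extra_chain_certs` fallback in `ssl_private.h` may be needed if older OpenSSL releases remain in scope.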